@shanedroid
Last active September 18, 2017 14:31
Tasks to be used in a wrapper role in conjunction with geerlingguy.jenkins to handle Jenkins Plugins
---
# Setting plugins using our own role to be able to pin exact versions
# https://github.com/geerlingguy/ansible-role-jenkins/issues/122
# https://github.com/geerlingguy/ansible-role-jenkins/issues/85

# On initial provisioning run do not set {{ jenkins_master__github_token }}
# After the github-oauth plugin is configured on a Jenkins Master, a
# GitHub personal token must be used for configuring Jenkins
# NOTE: the url below is plain http, so the credentials in jenkins_params
# cross the wire unencrypted unless jenkins_hostname is local
- name: set options for jenkins plugins with initial admin password (default security)
  set_fact:
    jenkins_params:
      jenkins_home: "{{ jenkins_home }}"
      timeout: "{{ jenkins_plugin_timeout }}"
      updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
      url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
      url_password: "{{ jenkins_admin_password }}"
      url_username: "{{ jenkins_admin_username }}"
  when: >
    jenkins_admin_password != "" and
    jenkins_master__github_token == ""

# GitHub OAuth is enabled/configured, {{ jenkins_master__github_token }} is set
# https://wiki.jenkins.io/display/JENKINS/GitHub+OAuth+Plugin#GitHubOAuthPlugin-CallingJenkinsAPIusingGitHubPersonalAccessTokens
- name: set options for jenkins plugins with Bot-User Github Token (github oath security)
  set_fact:
    jenkins_params:
      jenkins_home: "{{ jenkins_home }}"
      timeout: "{{ jenkins_plugin_timeout }}"
      updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
      url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
      url_username: "{{ github_bot }}"
      url_password: "{{ jenkins_master__github_token }}"
  when: jenkins_master__github_token != ""

# relying on local fact rather than handler for jenkins restart because
# jenkins restart needs to occur before a plugin can be enabled
- name: set initial jenkins restart fact
  set_fact:
    jenkins_restart_required: no

# plugins without a 'version' key: dependencies are resolved automatically
- name: install unversioned jenkins plugins with dependencies
  jenkins_plugin:
    name: "{{ item.key }}"
    state: present
    with_dependencies: yes
    params: "{{ jenkins_params }}"
  register: jenkins_unversioned_plugins
  when: >
    'version' not in item.value and
    'installed' in item.value and
    item.value.installed
  with_dict: "{{ jenkins_master__plugins }}"

# plugins with a 'version' key: exact version only, dependencies are not pulled in
- name: install versioned jenkins plugins without dependencies
  jenkins_plugin:
    name: "{{ item.key }}"
    version: "{{ item.value.version }}"
    state: present
    with_dependencies: no
    params: "{{ jenkins_params }}"
  register: jenkins_versioned_plugins
  when: >
    'version' in item.value and
    'installed' in item.value and
    item.value.installed
  with_dict: "{{ jenkins_master__plugins }}"

# only unpinned plugins with 'update' set are moved to the latest release
- name: update installed jenkins plugins
  jenkins_plugin:
    name: "{{ item.key }}"
    state: latest
    with_dependencies: yes
    params: "{{ jenkins_params }}"
  register: jenkins_updated_plugins
  when: >
    'version' not in item.value and
    'update' in item.value and
    item.value.update and
    'installed' in item.value and
    item.value.installed
  with_dict: "{{ jenkins_master__plugins }}"

- name: remove jenkins plugins
  jenkins_plugin:
    name: "{{ item.key }}"
    state: absent
    params: "{{ jenkins_params }}"
  register: jenkins_removed_plugins
  when: >
    'installed' in item.value and
    not item.value.installed
  with_dict: "{{ jenkins_master__plugins }}"

- name: check if jenkins restart is required from plugin actions
  set_fact:
    jenkins_restart_required: yes
  when: item.changed
  with_items:
    - "{{ jenkins_unversioned_plugins.results }}"
    - "{{ jenkins_versioned_plugins.results }}"
    - "{{ jenkins_updated_plugins.results }}"
    - "{{ jenkins_removed_plugins.results }}"

- name: restart jenkins if required
  service:
    name: jenkins
    state: restarted
  when: jenkins_restart_required

- name: wait for jenkins to start up after any plugin install (default security)
  uri:
    url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
    status_code: 200
    timeout: 5
  register: jenkins_service_status
  # Keep trying for 5 mins in 5 sec intervals
  retries: 60
  delay: 5
  until: >
    'status' in jenkins_service_status and
    jenkins_service_status['status'] == 200
  when: >
    jenkins_restart_required and
    jenkins_admin_password != "" and
    jenkins_master__github_token == ""

- name: wait for jenkins to start up after any plugin install (github oath security)
  uri:
    url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
    status_code: 200
    timeout: 5
    user: "{{ github_bot }}"
    password: "{{ jenkins_master__github_token }}"
    force_basic_auth: yes
  register: jenkins_service_status
  # Keep trying for 5 mins in 5 sec intervals
  retries: 60
  delay: 5
  until: >
    'status' in jenkins_service_status and
    jenkins_service_status['status'] == 200
  when: >
    jenkins_restart_required and
    jenkins_master__github_token != ""

- name: reset jenkins restart fact
  set_fact:
    jenkins_restart_required: no
  when: jenkins_restart_required

- name: enable or disable installed jenkins plugins
  jenkins_plugin:
    name: "{{ item.key }}"
    state: "{{ 'enabled' if item.value.enabled else 'disabled'}}"
    params: "{{ jenkins_params }}"
  when: >
    'enabled' in item.value and
    'installed' in item.value and
    item.value.installed
  with_dict: "{{ jenkins_master__plugins }}"

shanedroid commented Sep 18, 2017

Using an internal wrapper role with geerlingguy.jenkins as a dependency to be able to handle Jenkins Plugins using separate tasks rather than geerlingguy.jenkins directly. This has satisfied our use case with github-oauth plugin as well.

Example use case from our Jenkins wrapper role's main.yaml:

---
- include: plugins.yml
  become: yes
  tags: [jenkins_plugins]

Example {{ jenkins_master__plugins }}:

jenkins_master__plugins_defaults: &plugin_defaults
  enabled: yes
  installed: yes
  update: yes
jenkins_master__plugins:
  ansible:
    <<: *plugin_defaults
  ansicolor:
    <<: *plugin_defaults
  credentials-binding:
    <<: *plugin_defaults
  ec2:
    <<: *plugin_defaults
  envinject:
    <<: *plugin_defaults
  github-oauth:
    <<: *plugin_defaults
  nodelabelparameter:
    <<: *plugin_defaults
  pipeline-stage-step:
    <<: *plugin_defaults
  role-strategy:
    <<: *plugin_defaults
  ssh-agent:
    <<: *plugin_defaults
  support-core:
    <<: *plugin_defaults
  workflow-durable-task-step:
    <<: *plugin_defaults
  workflow-basic-steps:
    <<: *plugin_defaults
  ws-cleanup:
    <<: *plugin_defaults

A more complete and ideal solution would probably be to script plugins instead using groovy but I haven't gotten to that yet 😐
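
An added example, not part of the gist or of geerlingguy.jenkins: a Python dry-run planner that mirrors the `when:` conditions of the plugin tasks, so a `jenkins_master__plugins` dictionary can be reviewed for plugins that float to the latest release before a play runs. The sample dictionary, the version string and the function names `plan` and `review` are constructed for illustration.

```python
# Sample data is constructed; "0.0.0-PLACEHOLDER" is not a real plugin version.
DEFAULTS = {"enabled": True, "installed": True, "update": True}
SAMPLE = {
    "github-oauth": dict(DEFAULTS),
    "role-strategy": dict(DEFAULTS, version="0.0.0-PLACEHOLDER"),
    "ec2": {"installed": False},
    "ansicolor": {"installed": True, "enabled": False},
}

def plan(plugins):
    """Map each plugin to the tasks whose `when:` condition it satisfies."""
    result = {}
    for name, v in plugins.items():
        actions = []
        installed = "installed" in v and bool(v["installed"])
        pinned = "version" in v
        if installed and not pinned:
            actions.append("install (with dependencies)")
        if installed and pinned:
            actions.append("install version %s (no dependencies)" % v["version"])
        if installed and not pinned and v.get("update"):
            actions.append("update to latest")
        if "installed" in v and not v["installed"]:
            actions.append("remove")
        if installed and "enabled" in v:
            actions.append("enable" if v["enabled"] else "disable")
        result[name] = actions
    return result

def review(plugins):
    """Flag installed plugins whose resulting version is not fixed by the vars."""
    notes = []
    for name, v in sorted(plugins.items()):
        if not v.get("installed"):
            continue
        if "version" not in v:
            kind = "tracks latest on every run" if v.get("update") else "unpinned"
            notes.append((name, kind))
        elif v.get("update"):
            # the update task requires 'version' to be absent
            notes.append((name, "update flag ignored while pinned"))
    return notes

if __name__ == "__main__":
    for plugin, actions in plan(SAMPLE).items():
        print(plugin, "->", ", ".join(actions) or "no task matches")
    for plugin, note in review(SAMPLE):
        print("REVIEW", plugin, note)
```

Pinned entries are installed with `with_dependencies: no`, so every dependency of a pinned plugin needs its own entry in the dictionary.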
